Digital Identification Document

ABSTRACT

Some implementations may include a computer-assisted method for authenticating a person at a point of service, the method including: receiving a digital identification document including a digital biometric of the person and a digital watermark, the digital watermark encoding personally identifiable information of the person; retrieving the digital watermark from the received digital identification document; extracting the personally identifiable information from the retrieved digital watermark; and authenticating the person identified by the digital biometric based on the retrieved digital watermark.

CROSS-REFERENCE TO RELATED APPLICATION(S)

This application is a divisional of U.S. patent application Ser. No. 14/470,688, filed Aug. 27, 2014, now U.S. Pat. No. 10,282,802, which claims the benefit of U.S. Provisional Application No. 61/870,591 filed Aug. 27, 2013, which is incorporated by reference in its entirety.

TECHNICAL FIELD

This document generally relates to digital identification documents.

BACKGROUND

Digital watermarking may be used on identification documents, such as digital identification documents, as a security feature to prevent fraud.

SUMMARY

In one aspect, some implementations provide a computer-assisted method for digitizing an identification document, the method including receiving a digital biometric of a subject; generating a digital identification document by applying a digital watermark, the digital watermark encoding personally identifiable information of the subject identified by the digital biometric; and issuing the digital identification document, the digital identification document comprising both the digital watermark and the digital biometric.

Implementations may include one or more of the following features. The method may further include extracting characteristics from the digital biometric, the characteristics identifying the subject; and storing the extracted characteristics at a searchable system of record wherein a matching record located at the searchable system provides a positive identification of the subject. Storing the characteristics may include storing personally identifiable information of the subject along with the extracted characteristics in the searchable system of record. Receiving a digital biometric of a subject comprises receiving a digital facial biometric of the subject. Receiving a digital biometric of a subject comprises receiving a digital finger-print of the subject. Receiving a digital biometric of a subject comprises receiving an iris or retina scan of the subject. Issuing the digital identification document comprises issuing the digital identification document to a mobile computing device held by the subject.

The method may further include receiving a request to renew the digital identification document; and issuing a renewed digital identification document after verifying the renewal request, the renewed digital identification document also including both the digital biometric and the digital watermark.

The method may further include issuing the digital identification document to include personally identifiable information as well as information other than the personally identifiable information. The method may further include receiving a request to update the information other than the personally identifiable information; and issuing a replacement identification document with the updated information other than the personally identifiable information, the replacement digital identification document comprising both the digital watermark and the digital biometric.

The method may further include receiving a request for a replacement identification document and an updated digital biometric of the subject; in response to authenticating that the request is genuine, generating the replacement identification document by applying the digital watermark to encode the personally identifiable information; and issuing the replacement digital identification document, the replacement digital identification document including the updated digital biometric and the digital watermark.

The method may further include securing the digital identification document to prevent an alteration thereof. Securing the digital identification may include generating security check information based on the digital identification document; and storing the generated security check information to be compared against. Generating security check information may include generating at least one of: a digital certificate of at least a portion of the digital identification document, an encryption of at least a portion of the digital identification document using a private key of an issuing authority, a hash of at least a portion of the digital identification document, a digest of at least a portion of the digital identification document, or a checksum of at least a portion of the digital identification document.

The method may further include suspending or revoking the digital identification document in response to a validated request for suspension or revocation. Suspending or revoking the digital identification document may include removing the digital identification document from a mobile computing device of the subject. Suspending or revoking the digital identification document may include issuing a suspended or revoked digital identification document to over-write the previously issued digital identification document on the mobile computing device of the subject.

In another aspect, some implementations provide a method for authenticating a person at a point of service, including receiving a digital identification document with a digital biometric of the person, and a digital watermark encoding personally identifiable information of the person; and authenticating the person identified by the digital biometric based on the digital identification document.

Implementations may include one or more of the following features. Authenticating the person comprises: comparing the personally identifiable information against a searchable system of record. The method may further include transmitting the personally identifiable information to a remote server; and receiving results of comparing the personally identifiable information against the searchable system of record at the remote server. Authenticating the person may include receiving a biometric of the person presenting the digital identification document at the point of service; and comparing the biometric of the person at the point of service with the digital biometric on the digital identification document. The method may further include retrieving a first portion of personally identifiable information of the person identified by the digital biometric on the digital identification document; extracting a second portion of personally identifiable information of the person from the digital watermark on the digital identification document; and validating the digital identification document based on the first portion of personally identifiable information and the second portion of personally identifiable information.

In yet another aspect, some implementations provide a system for digitizing an identification document, the system comprising at least one computer processor configured to perform the operations of: receiving a digital biometric of a subject; generating a digital identification document by applying a digital watermark, the digital watermark encoding personally identifiable information of the subject identified by the digital biometric; and issuing the digital identification document, the digital identification document comprising both the digital watermark and the digital biometric.

Implementations may include one or more of the following features. The operations may further include extracting characteristics from the digital biometric, the characteristics identifying the subject; and storing the extracted characteristics at a searchable system of record wherein a matching record located at the searchable system provides a positive identification of the subject. Storing the characteristics comprises the operation of storing personally identifiable information of the subject along with the extracted characteristics in the searchable system of record. Receiving a digital biometric of a subject comprises the operation of receiving a digital facial biometric of the subject. Receiving a digital biometric of a subject comprises the operation of receiving a digital finger-print of the subject. Receiving a digital biometric of a subject comprises the operation of receiving an iris or retina scan of the subject. Issuing the digital identification document may include issuing the digital identification document to a mobile computing device held by the subject.

The operations may further include receiving a request to renew the digital identification document; and issuing a renewed digital identification document after verifying the renewal request, the renewed digital identification document also comprising both the digital biometric and the digital watermark. The operations may further include issuing the digital identification document to include personally identifiable information as well as information other than the personally identifiable information. The operations may further include receiving a request to update the information other than the personally identifiable information; and issuing a replacement identification document with the updated information other than the personally identifiable information, the replacement digital identification document including both the digital watermark and the digital biometric.

The operations may further include: receiving a request for a replacement identification document and an updated digital biometric of the subject; in response to authenticating that the request is genuine, generating the replacement identification document by applying the digital watermark to encode the personally identifiable information; and issuing the replacement digital identification document, the replacement digital identification document comprising the updated digital biometric and the digital watermark.

The operations may further include: securing the digital identification document to prevent an alteration thereof. Securing the digital identification may include the operations of generating security check information based on the digital identification document; and storing the generated security check information to be compared against. Securing the digital identification comprises the operations of generating at least one of: a digital certificate of at least a portion of the digital identification document, an encryption of at least a portion of the digital identification document using a private key of an issuing authority, a hash of at least a portion of the digital identification document, a digest of at least a portion of the digital identification document, or a checksum of at least a portion of the digital identification document.

The operations may further include suspending or revoking the digital identification document in response to a validated request for suspension or revocation. Suspending or revoking the digital identification document may include removing the digital identification document from a mobile computing device of the subject. Suspending or revoking the digital identification document may include issuing a suspended or revoked digital identification document to over-write the previously issued digital identification document on the mobile computing device of the subject.

In still another aspect, some implementations provide a mobile computing device for authenticating a person, the mobile computing device comprising at least one processor configured to perform operations including: receiving a digital identification document with a digital biometric of the person, and a digital watermark encoding personally identifiable information of the person; and authenticating the person identified by the digital biometric based on the digital identification document.

Implementations may include one or more of the following features. Authenticating the person may include: comparing the personally identifiable information against a searchable system of record. The operations may further include transmitting the personally identifiable information to a remote server; and receiving results of comparing the personally identifiable information against the searchable system of record at the remote server.

Authenticating the person may include receiving a biometric of the person presenting the digital identification document at the point of service; comparing the biometric of the person at the point of service with the digital biometric on the digital identification document. The operations may further include retrieving a first portion of personally identifiable information of the person identified by the digital biometric on the digital identification document; extracting a second portion of personally identifiable information of the person from the digital watermark on the digital identification document; and validating the digital identification document based on the first portion of personally identifiable information and the second portion of personally identifiable information.

In yet still another aspect, some implementations provide a computer-readable medium, comprising information encoding a digital identification document of a subject, the digital identification document generated by: receiving a digital biometric of the subject; applying, to the digital identification document, a digital watermark to encode personally identifiable information of the subject portrayed in the portrait; and issuing the digital identification document with the digital watermark and the digital biometric identifying the subject.

Implementations of the above techniques include a method, computer program product and a system. The computer program product is suitably embodied in a non-transitory machine-readable medium and includes instructions executable by one or more processors. The instructions are configured to cause the one or more processors to perform the above described actions.

The system includes one or more processors and instructions embedded in a non-transitory machine-readable medium that are executable by the one or more processors. The instructions, when executed, are configured to cause the one or more processors to perform the above described actions. The default position is not to use any external databases, but the system could be configured to perform a database check if needed.

The details of one or more aspects of the subject matter described in this specification are set forth in the accompanying drawings and the description below. Other features, aspects, and advantages of the subject matter will become apparent from the description, the drawings, and the claims.

DESCRIPTION OF DRAWINGS

FIG. 1 illustrates an example identification document according to some implementations.

FIG. 2A is a flow chart showing an example method of combining luminance and chrominance modulations to digitally watermark an identification document according to some implementations.

FIG. 2B is a flow chart showing an example of a method for determining correlatable portions of personally identifiable information for luminance and chrominance modulations according to some implementations.

FIG. 2C shows an example identification document digitally watermarked according to some implementations.

FIG. 3A is a flow chart showing an example method of authenticating an identification document based on the luminance and chrominance modulations of digital watermarks according to some implementations.

FIG. 3B is a flow chart showing an example method of correlating portions of personally identifiable information according to some implementations.

FIG. 3C is a flow chart showing an example method of validating portion(s) of personally identifiable information encoded by a digital watermark according to some implementations.

FIG. 4A is a flow chart showing an example method of combining a biometric and a digital watermark on a digital identification document according to some implementations.

FIG. 4B is a flow chart showing an example process of renewing a digital identification document according to some implementations.

FIG. 4C is a flow chart showing an example process of replacing a digital identification document according to some implementations.

FIG. 4D is a flow chart showing an example method of securing the digital identification document according to some implementations.

FIG. 4E shows an example digital identification document displayed on a mobile device according to some implementations.

FIG. 5A is a flow chart showing an example method of validating the digital identification document according to some implementations.

FIG. 5B is a flow chart showing an example process of validating the digital identification document according to some implementations.

FIG. 5C is a flow chart showing an example method of validating the digital identification document according to some implementations.

FIG. 6A is a flow chart showing an example method of digitally watermarking a digital portrait as a machine-readable code according to some implementations.

FIG. 6B is a flow chart showing an example process of renewing a digitally watermarked digital portrait according to some implementations.

FIG. 6C is a flow chart showing an example process of replacing a digitally watermarked digital portrait according to some implementations.

FIG. 6D is a flow chart showing an example method of securing a digitally watermarked digital portrait according to some implementations.

FIG. 6E shows an example digitally watermarked digital portrait displayed on a mobile device according to some implementations.

FIG. 7A is a flow chart showing an example method of validating the digitally watermarked digital portrait according to some implementations.

FIG. 7B is a flow chart showing an example process of authenticating the digital watermarked digital portrait.

FIG. 8 is a diagram showing an example reading device for validating an identification document according to some implementations.

Like reference symbols in the various drawings indicate like elements.

DETAILED DESCRIPTION

A digital identification document may be in an electronic form. The digital identification document may include a digital biometric and at least one digital watermark. The digital biometric may include a digital facial portrait, a finger-print, an iris scan, a retina scan, etc. The digital biometric can identify the person holding the digital identification document. The digital watermark, on the other hand, may be embedded in the digital identification document and may be imperceptible to naked eyes. The digital watermark may encode personally identifiable information of the holder of the digital identification document. The digital watermark may be used to detect unauthorized alterations of the digital identification document. Thus, the validity of the digital identification document may be established based on the embedded digital watermark. The digital identification document may be presented on a mobile computing device of the holder, such as, for example, a smartphone, a tablet, etc.

FIG. 1 illustrates an example identification document 100 according to some implementations. Identification document 100 may be a government-issued identification document, such as, for example, a driver's license issued by the department of motor vehicles (DMV) of a state, a passport issued by the state department, a social security card issued by the social security administration (SSA), a Medicare card issued by the department of health and human services (DHHS), a Medicaid card issued by the DHHS, etc. The identification document may be issued by a government entity, for example, the DMV at the state level, or the state department at the federal level. The identification document may also be issued by non-government entities, such as a contracting entity of a government agency. Identification document 100 may also be other identification documents, such as, for example, a student identification card issued by a school, a membership card issued by an organization, an employee identification card issued by an employer, etc.

Portrait 102 may include a facial portrait of the holder of the identification document. The facial portrait may identify the person holding the identification document. The facial portrait may be 2×2 in and show the front face of the holder. In some implementations, portrait 102 may include a facial biometric of the document holder. In some implementations, portrait 102 may manifest as other forms of biometrics, such as, for example, a finger-print, a palm-print, a retina scan, an iris scan, a pupil scan, etc.

Personally identifiable information 104 may include name (including full name, first name, last name, middle/initials), residential address, gender, nationality, occupation, marital status, eye color, hair color, blood type, etc. Personally identifiable information 104 may also include numerical terms such as date of birth, height, weight, election zone, document number, issue date, etc. Portions of personally identifiable information may be printed on the identification document.

Identification document 100 may be verified by reader 106. Reader 106 may represent a human inspector, for example, a cashier at a liquor store, a security guard at a building, etc. In some implementations, the human inspector may be assisted by a reader device. The identification document may be analyzed by reader 106 to verify that (i) the identification document is authentic and has not been forged or altered; and (ii) the person presenting the identification document is the person identified by the identification document.

To prove the source of an identification document, digital watermark(s) may be embedded into an identification document. Additionally, digital watermark(s) may carry personally identifiable information about the holder. Thus, digital watermark(s) can be used on an identification document to authenticate the identification document and carry information about the identity of the holder.

Digital watermark(s) may be secure, covert and machine-readable. Digital watermark(s) may be generally imperceptible to naked eyes. In fact, digital watermark(s) may generally appear as noise, for example, added to a background noise. However, altering a digital watermark may be virtually impossible, and the mere lack of presence of a digital watermark can immediately indicate tampering and likely counterfeiting. Hence, digital watermark(s) used in an identification document may provide strong and effective deterrence to counterfeit.

To validate an identification document, steganography may analyze the digital watermark to identify the source and reveal the information identifying the holder. In some implementations, data contents encoded by the digital watermarks may be encrypted so that the encoded data contents may remain secure, as an additional security mechanism. Such encrypted data contents may be decrypted first. In some implementations, the digital watermark may be initially analyzed to extract frequency domain information. The frequency domain information may include spectrum information manifested by, for example, the discrete cosine transform (DCT) coefficients in a particular spatial frequency range. In contrast to spatial domain information, such frequency domain information may be robust to cropping or translation of the original document. Hence, the frequency domain information may be more tamper-proof and more resilient to artifacts during field use. Likewise, mixed-domain information, i.e., information from both spatial domain and frequency domain, may provide a similar degree of robustness against tampering and artifacts. However, the implementations disclosed herein are not limited to the use of frequency domain information alone or the use of mixed-domain information. Spatial domain information may be used according to the same scheme as disclosed herein.

FIG. 2A is a flow chart showing an example method of combining luminance and chrominance modulations to digitally watermark an identification document according to some implementations. A spatial luminance pattern associated with a first digital watermark may be modulated to encode a first portion of personally identifiable information (202). The spatial luminance pattern may refer to an intensity map of brightness. The luminance may be gamma corrected, and referred to as luma. Gamma correction generally tailors the presentation of brightness in a non-linear fashion, for example, according to a power-law. The non-linear correction may enhance visual perception of the encoded color. The modulation may manifest as, for example, a spatial Moiré pattern. Moiré patterns may include line patterns, complex shapes, or even symbols. The patterns, shapes, and symbols may be linked to the issuer, such as the DMV, the state department, an employer, etc. The modulation may reveal the information encoded, such as a number or an alphabetic letter. The encoded information may also be embedded in the grainy noise of the intensity pattern and may be undetectable to the naked eyes. Moreover, the encoded information may be encrypted to provide additional security.

On the same identification document, a spatial chrominance distribution associated with a second digital watermark may be modulated (204). The chrominance pattern may refer to a color map. Color maps may be indexed in a multi-dimensional color space. For example, an RGB space may be based on the primary colors of red, green, and blue. An example color space may also be based on the three primary colors of cyan, magenta, and yellow. In some implementations, the chrominance pattern may also use a color map indexed by two components, for example, based on the U and V components of the YUV model, or based on the Cb and Cr components of the YCbCr model, or based on the Pb and Pr components of the YPbPr model. The encoded information may manifest as color smear patterns showing numbers, alphabetical letters, or symbols. The encoded information may appear as color aberration noise unperceivable to naked eyes. Similar to the first digital watermark with modulated spatial luminance pattern, the second modulated spatial chrominance distribution may carry encrypted information.

In some implementations, the first digital watermark with the modulated spatial luminance pattern and the second digital watermark with the modulated spatial chrominance distribution may be applied to the same identification document (206). The two digital watermarks may be applied to different sides of the identification document, for example, the front and back of a driver license, front and back of any given page of a passport, etc. The two digital watermarks may be applied to different regions on the same side of the identification document. The two regions where each digital watermark has been applied may share a common region. The two digital watermarks may also be applied to the same region on the same side of the identification document. The two digital watermarks may be applied to different grating structures underneath the same page of the identification document such that only one digital watermark is detectable from a given viewing angle or a particular viewing direction. In other words, detection of the given digital watermark may be viewing-angle dependent or viewing-direction dependent.

The first digital watermark with luminance modulations and the second digital watermark with chrominance modulations may encode a common piece of information based on which the two digital watermarks may mutually authenticate each other. The process may be known as a cross-correlation. To cross-correlate the information encoded by the two digital watermarks, a correlatable portion of information may be determined for the correlation purpose. The determination may take place when the digital watermarks are being applied to the identification document. The digital watermarks on an identification document may encode information identifying the issuing entity, such as, for example, the DMV, the state department, the employer. The digital watermarks on an identification document may encode personally identifiable information about the holder of the identification document. As discussed above, personally identifiable information may include name (including full name, first name, last name, middle/initials), date of birth, height, weight, residential address, gender, nationality, occupation, marital status, eye color, hair color, blood type, election zone, document number, issue date, etc.

FIG. 2B is a flow chart showing an example of a method for determining correlatable portions of personally identifiable information for luminance and chrominance modulations according to some implementations. Determining a first portion of personally identifiable information (212) may take place during the stage of modulating the luminance pattern of the first digital watermark (202). The first portion of personally identifiable information may include any portion of personally identifiable information as discussed above. Likewise, determining a second portion of personally identifiable information (214) may take place during the stage of modulating the chrominance distribution of the second digital watermark (204) and the second portion of personally identifiable information may also include any portion of the personally identifiable information as discussed above. Nonetheless, the first portion of personally identifiable information may include first data that is correlatable with second data from the second portion of personally identifiable information. The first data may be identical in contents to the second data. Correlating the first data with the second data may be a comparison of the first data and the second data. The comparison may be a string comparison. The comparison may also be a numerical subtraction. The first data and the second data, once combined, may reveal a piece of personally identifiable information of the holder. For example, the first data may include the odd digits of the birth date while the second data may include the even digits of the birth date. For example, the first data may be the beginning five digits of the holder's social security number while the second data may be the ending four digits of the holder's social security number. Correlating the first data with the second data may be a string combination or concatenation. In some implementations, the correlatable data may be information other than the personally identifiable information of the holder. For example, the correlatable data may be the issuing authority's emblem symbol, acronym of the employer, etc. As discussed above, the first portion and the second portion may be encrypted.

The digital watermark with luminance modulation and the digital watermark with chrominance modulation may be applied to the same identification document. The two distinct digital watermarking mechanisms may be applied to either a physical identification document or a digital identification document. FIG. 2C shows a physical identification document 220 and a digital identification document 222 displayed on a mobile device.

To validate the identification document, the two digital watermarks may be analyzed and the information encoded by each digital watermark may be compared against each other. FIG. 3A is a flow chart showing an example method of authenticating an identification document based on the luminance and chrominance modulations of digital watermarks according to some implementations. An identification document may be received (301). The identification document may be digitally watermarked as discussed above. For example, the identification document may include a first digital watermark with a modulated spatial luminance pattern and a second digital watermark with a modulated spatial chrominance distribution. The first digital watermark may be retrieved by a scanning device (302). The scanning device may be configured to read the machine-readable luminance pattern encoding the first portion of personally identifiable information. As a result, the first portion of personally identifiable information 306 may be extracted from the spatial luminance pattern associated with the first digital watermark (304). Likewise, the scanner may retrieve the second digital watermark from the identification document (312). As discussed above, the second digital watermark may include a spatial chrominance distribution to encode a second portion of personally identifiable information. The scanner device may be configured to extract the second portion of personally identifiable information 316 from the spatial chrominance distribution of the second digital watermark (314). When reading out the first portion of personally identifiable information 306 and the second portion of personally identifiable information 316, the scanning device may be configured to extract the encoded information simultaneously. The encoded information may be encrypted, for example, by the private key of the issuing authority. In some implementations, the scanning device may be configured to decrypt the encoded information, for example, by using a public key of the issuing authority. The identification document may be validated based on the first portion of personally identifiable information as well as the second portion of personally identifiable information (310).

FIG. 3B is a flow chart showing an example method of correlating portions of personally identifiable information according to some implementations. In validating the identification document (310), the first portion of personally identifiable information may be correlated with the second portion of personally identifiable information (322). The first and second portions of personally identifiable information may include a common piece of information, for example, the holder's birth date. Correlating the first and second portions may include comparing a piece of information meant to be identical in contents and encoded by two independent mechanisms. As discussed above, correlating may also include combining or concatenating pieces of information from the first and second portions. The correlation may yield a matching result confirming that the identification document is authentic (324).

The match may not be perfect. In some implementations, for example, the frequency domain information encoded by the two digital watermarks may be incomplete due to losses in the scanning process. In some implementations, the degree of match may depend on the context of the application. For example, for applications involving mobile transactions with a financial sum of under $500, a lower degree of match may be sufficient, while for applications involving access to high security facilities such as a nuclear plant or a military installation, a higher degree of match may be adopted. In some implementations, the matching process may depend on jurisdiction. For example, in some states that have adopted a less sophisticated digital watermark, a more primitive match procedure may be performed. Even in states that have adopted a more sophisticated digital watermark, a legacy digital identification document may still use the old and less sophisticated digital watermarking. The legacy identification document may still be honored by a more primitive matching procedure. In some implementations, ascertaining whether there is a substantial match may further factor in the usage history of the holder of the identification document. For example, if the person requesting access at the building has frequently gained access to the building in the past, then the degree of match may be lessened to simplify the process. In a similar vein, a trusted visitor database can be set up to track such visitors and potentially speed up the validation process.

If a substantial match has been found between the encoded data from the first and second portions of the identification document, then the authenticity of the identification document may be confirmed (324). Conversely, if a substantial match has not been found between the encoded data from the first and second portions of the identification document, then the authenticity of the identification document may not be confirmed. In some implementations, the holder of the identification document may be alerted if the authenticity of the identification document cannot be established. The alert may be sent through email, automatic voicemail, short message service (SMS) message, etc., to a registered account of the holder of the identification document.

FIG. 3C is a flow chart showing an example method of validating portion(s) of personally identifiable information encoded by a digital watermark according to some implementations. In some implementations, the scanner device may transmit the decoded first portion of personally identifiable information or the second portion of personally identifiable information to a server for validation (332). The transmitted personally identifiable information may include information not printed on the identification document or information encrypted by the issuing authority of the identification document. The server may be maintained by the issuing authority or a proxy of the issuing authority. If the personally identifiable information received at the server has been encrypted by the issuing authority, the server may first decrypt the received information. The encryption may utilize a public key of the issuing authority and may be decrypted by the corresponding private key of the issuing authority. The encrypted information may also include an integrity check. Example integrity checks may include a check sum, a hash, a cyclic redundancy check (CRC) code, etc.

The server may compare the received personally identifiable information with a record stored in the database. In comparing the received personally identifiable information against the database, the server may implement different levels of matching depending on the context of the application, as discussed above. If an adequate match has been identified, the server may notify the scanning device of the match. If, however, no adequate match can be identified, the server may alert the scanning device of the lack of match. Therefore, the scanning device may receive validation results from the server (334), according to some implementations.

In some implementations, the digital watermark(s) may be combined with a digital biometric to provide a digital identification document for secure authentication. FIG. 4A is a flow chart showing an example method of combining a biometric and a digital watermark on a digital identification document according to some implementations. A digital biometric of a subject may be received (402). The digital biometric may be a digital representation of a biometric. The digital representation may be in the form of a binary file stored in a storage device, such as, for example, hard disk drive, non-volatile memory, dynamic random access memory, etc. The biometric may include a facial portrait, a finger-print, a palm-print, an iris pattern, a retina pattern, etc. of a subject. The digital biometric may be the biometric encoded in any digital encoding scheme suitable for storage on a computing device having at least one processor. The encoding scheme may account for the underlying processor architecture, for example, big endian or little endian.

Characteristics may be extracted from the digital biometric (404). For example, facial recognition software may extract facial characteristics from a digital portrait of the subject. In some implementations, an analytical algorithm may extract characteristics from a finger-print, for example, by decomposing the finger-print pattern into principal components (also known as singular value decomposition). In some implementations, an analytic algorithm may extract characteristics from a finger-print based on coefficients from edge preserving transformations such as wavelet transforms, Hough transforms, etc. Similar analytical algorithms may be applied to extract characteristics from a palm-print, an iris pattern, a retina pattern, a pupil pattern, etc.

The extracted characteristics may serve as a compressed representation of the digital biometric. The extracted characteristics may then be stored at a searchable database (406). Using the extracted characteristics, rather than the full digital biometric, may reduce storage space requirements or enhance search speed. In some implementations, the extracted characteristics may be stored at a central server managed by the entity issuing the identification document. In some implementations, a copy of the extracted characteristics may be stored on a mobile device of the subject, i.e., the person from whom the digital biometric was taken.

Next, a digital watermark may be applied to the digital biometric of the subject (408). In some implementations, the digital watermark may be applied to an area other than the digital biometric on the digital identification document. The digital watermark may be applied to encode any number, letter, or symbology in accordance with the description herein. In some implementations, digital watermarks including both luminance and chrominance modulations may be applied, as described above. In some implementations, the encoded information may be encrypted, as disclosed above. In some implementations, the digital watermarks may encode personally identifiable information of the subject. As discussed herein, the personally identifiable information may include name (including full name, first name, last name, middle/initials), date of birth, height, weight, residential address, gender, nationality, occupation, marital status, eye color, hair color, blood type, election zone, document number, issue date, etc. In some implementations, the digital watermarks may encode information indicating the source or the issuing entity of the digital identification document.

Thereafter, a digital identification document may be issued (410). The digital identification document may include both the digital biometric and the digital watermark. In some implementations, the digital identification document may include a digitally watermarked digital biometric. The digital identification document may be issued to a mobile device of the subject. Example mobile devices may include smart phones, such as, for example, an iPhone, a Samsung smart phone, an HTC smart phone, an Android smart phone, a Windows smart phone, etc. In addition, a mobile device may include a tablet device, for example, an iPad, a Samsung Note device, a Microsoft touch device, etc. Further, a mobile device may also include a laptop device, or even a desktop computer at home. The digital identification document may be issued in the form of a digital file stored on the mobile device.

A digital identification document can lead to increased ease in document renewal or replacement. FIG. 4B is a flow chart showing an example process of renewing a digital identification document according to some implementations. A request to renew the digital identification document may be received (412). The request may be received on-line by a server at the issuing entity. The server may verify the renewal request (414). For example, the server may check the source of the renewal request to confirm the validity of the request. The source may refer to the originating device, for example, the subject's mobile device. The source device may be verified based on a secured identifier associated with the mobile device. The source may also refer to the requestor who submitted the renewal request. The requestor may submit the request through an on-line account and therefore may be verified according to the user authentication protocol for accessing the on-line account. In submitting the renewal request, the subject may update some personally identifiable information, such as, for example, marital status, occupation, residential address, etc. The subject may also submit a more recent biometric, such as, for example, a more recent facial portrait. After receiving the updated personally identifiable information, the server may update payload data associated with the digital watermark accordingly (416). As discussed above, the payload data may encode a portion of the personally identifiable information of the subject. Thereafter, the server may issue a renewed identification document (418). The renewed identification document may be issued to the subject's mobile device for display in the same manner as described above. The renewed identification document may be issued with a new expiration date later than the old expiration date on the replaced identification document. In some implementations, the renewed digital identification document may incorporate updated information other than personally identifiable information. Examples may include donor consent information. In issuing the renewed digital identification document, neither a physical trip to the issuing entity nor a physical copy may be required.

Similar ease may be observed in the replacement process (for example, when the subject lost the digital identification document due to storage failure). FIG. 4C is a flow chart showing an example process of replacing a digital identification document according to some implementations. A request to replace the digital identification document may be received (422). The request may be received on-line by a server at the issuing entity. The server may verify the replacement request (424) by means similar to the descriptions above. The replacement request may update the personally identifiable information of the subject, which may cause the server to update the payload data associated with the digital watermark to be applied (426). Thereafter, the replacement digital identification document may be issued (428) in accordance with the descriptions herein. In some implementations, the identification document may be issued with a version number to distinguish it from the replaced identification document. The version number may be tracked by the server in future administrations. In some implementations, the renewed digital identification document may incorporate updated information other than personally identifiable information. Examples may include donor consent information. Similar to the disposition of a renewal request, neither a physical trip to the issuing entity nor a physical copy may be required.

Likewise, revocation or suspension of a digital identification document may be accomplished without a physical trip to the issuing entity or the destruction of a physical document. In some implementations, a revocation request may be submitted on-line to a server at the issuing entity. After verifying the revocation request, the server may revoke the digital identification document by removing the digital identification document from the storage medium on the mobile device of the document holder. In some implementations, the server may issue a revoked digital identification document to over-write the original digital identification document. In so doing, the server may keep a version number of the digital identification document issued. The version number may be checked when the holder attempts to validate the digital identification document on the holder's mobile device.

FIG. 4D is a flow chart showing an example method of securing the digital identification document according to some implementations. In addition to encryption, the integrity of the digital identification document may be secured (432), for example, by security check information embedded into the digital identification document. The embedded security check information may be encrypted as described above. In particular, integrity check information may be embedded into the digital identification document, based on which alterations of the digital identification document can be detected. For example, security check information may be generated based on the contents of the digital identification document (434). Such security check information may include but may not be limited to a check sum, a hash, a cyclic redundancy check (CRC) code, etc. The security check information may be stored for comparison. In some implementations, the security check information may be stored on a server at the issuing entity. In some implementations, the security check information may be stored on the mobile device. The stored copy may be used for comparison at the time of service.

FIG. 4E shows a digital identification document 440 according to some implementations. Digital identification document 440 may be displayed on, for example, the touch screen of a smartphone. The size of the displayed digital identification document may mimic the size of a physical identification document. For example, a driver's license may be of the dimension of ID-1. The ISO/IEC 7810 standard size for ID-1 is nominally 85.60 by 53.98 millimeters (3.370 in × 2.125 in), which is about the size of a credit card. The display may be implemented by a custom application capable of handling the file format of the digital identification document. The custom application may prevent screen capture programs from saving the screen display to generate a screen copy of the digital identification document. In some implementations, the digital identification document may only be viewable from the custom application on the subject's mobile device. For example, the digital identification document may be encrypted by a public key of the mobile device of the subject. The corresponding private key may be tied to the mobile device and accessible only from the mobile device. As a result, only the subject's mobile device may be capable of displaying the digital identification document to a human inspector. The digital identification document may be encrypted using the issuing entity's private key and the custom software may be configured to decrypt only with the issuer's public key.

FIG. 5A is a flow chart showing an example method of validating the digital identification document according to some implementations. The validation may be performed at a point of service. A point of service may refer to a point of sale, when the holder of the identification document attempts to buy or sell merchandise. A point of service may generally refer to a point of transaction, when the holder of the identification document attempts to access an account, obtain entry into a facility, or any type of transaction for which a proof of identity may be required. At a point of service, when the holder of the digital identification document presents the digital identification document to prove his/her identity, the holder may present the touch screen of a mobile device to a human inspector. The human inspector may compare the displayed portrait against the presenter. If the displayed portrait does not match the presenter, the human inspector may reject any identity claim made by the presenter. In some implementations, if the human inspector determines that the displayed portrait matches the presenter, the human inspector may defer further processing to a reading device. In some implementations, the entire inspection may be performed by a reading device. The reading device may be any computing device with a processor and a transceiver as a data communications interface. To begin with, data encoding the digital identification document may be received by a reading device (501). The reading device may receive the digital identification document by scanning the touch screen of a mobile device. The reading device may receive the digital identification document via a communication link so that data encoding the digital identification document may be transmitted to the reading device, while a human inspector may inspect the digital identification document. The transmission of the data encoding the digital identification document may be wireless. In other words, the digital identification document may be beamed to the reading device.

Once the reading device receives the digital identification document, both the digital biometric (502) and the digital watermark (512) may be received at the reading device. The reading device may retrieve a first portion of personally identifiable information associated with the digital biometric (504). In some implementations, characteristics may be extracted from the digital biometric. As described above, these characteristics may include, for example, principal component values from a singular value decomposition, wavelet coefficients from a wavelet transform, etc. In some implementations, the extracted characteristics may be generated by facial recognition software on the reading device. In some implementations, the extracted characteristics may be compared against a searchable database at the point of service. In some implementations, the extracted characteristics may be transmitted to a central server. Referring to FIG. 5B, data encoding the extracted characteristics may be transmitted to a searchable database on the central server for comparison (520). If the search yields a match, then the corresponding personally identifiable information of the holder of the digital identification document may be retrieved. As discussed above, when issuing the digital identification document, a portion of the personally identifiable information associated with the holder of the digital identification document may be stored on a searchable database of the issuing entity. The portion of the personally identifiable information stored at the server may be referred to as the first portion of the personally identifiable information. The server at the issuing entity may transmit the first portion of personally identifiable information back to the reading device. Thus, the first portion of personally identifiable information may be received at the point of service (522). As discussed above, the characteristics of the digital biometric may be a compact representation of the digital biometric and the overhead of storage or communication to the server may be reduced.

Returning to FIG. 5A, a second portion of personally identifiable information 516 associated with the second digital watermark may be extracted (514). The extraction may be performed by the reading device on the digital identification document. Thereafter, the validity of the digital identification document may be confirmed based on the first portion of personally identifiable information 506 and the second portion of personally identifiable information 516 (510). Referring to FIG. 5B, the reading device may correlate the first portion of personally identifiable information 506 with the second portion of personally identifiable information 516 (524). In some implementations, the first and second portions of personally identifiable information may include a common piece of information, for example, the holder's birth date. Correlating the first and second portions may include comparing a piece of information meant to be identical in contents albeit encoded by two independent mechanisms. In addition, the two portions of personally identifiable information may be stored and retrieved separately. The introduced redundancy may further enhance confidence in the validity determination. In some implementations, correlating may also include combining or concatenating pieces of information from the first and second portions. The correlation may yield a matching result confirming that the digital identification document is authentic (526). As discussed above, the match may not be perfect and may depend on the quality of the scanned image of the digital identification document, the context of the application, the sophistication of digital watermarking at a particular jurisdiction, or prior dealings of the holder of the digital identification document.
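The correlation step described for FIG. 3B and FIG. 5B, with a context-dependent degree of match, can be sketched as follows. This is an added example, not code from the patent; the field names, the numeric thresholds, the relaxation for a trusted holder and the notion of "critical" fields are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed thresholds: the fraction of shared fields that must agree.
# The text names the contexts but gives no numeric values.
THRESHOLDS = {
    "low_value_payment": 0.6,  # e.g. a mobile transaction under $500
    "facility_access": 1.0,    # e.g. entry to a high security facility
}
TRUSTED_RELAXATION = 0.1       # assumed allowance for a known, frequent holder
CRITICAL_FIELDS = {"birth_date", "document_number"}  # assumed: may never conflict


def normalize(value):
    """Canonical form for comparison; None marks a field lost in scanning."""
    if value is None:
        return None
    text = "".join(str(value).split()).upper()
    return text or None


@dataclass
class Correlation:
    authentic: bool
    score: float
    matched: list = field(default_factory=list)
    mismatched: list = field(default_factory=list)
    missing: list = field(default_factory=list)


def correlate(first, second, context, trusted_holder=False):
    """Compare fields meant to be identical in two independently decoded portions."""
    threshold = THRESHOLDS[context]  # unknown context raises KeyError: fail closed
    if trusted_holder:
        threshold -= TRUSTED_RELAXATION
    result = Correlation(authentic=False, score=0.0)
    shared = sorted(set(first) & set(second))
    for name in shared:
        a, b = normalize(first[name]), normalize(second[name])
        if a is None or b is None:
            result.missing.append(name)      # incomplete read, not a conflict
        elif a == b:
            result.matched.append(name)
        else:
            result.mismatched.append(name)   # the two decoders disagree
    if shared:
        # Missing fields lower the score, so a lossy scan can still pass a
        # low-assurance context but not a high-assurance one.
        result.score = len(result.matched) / len(shared)
    critical_conflict = bool(CRITICAL_FIELDS & set(result.mismatched))
    result.authentic = (
        bool(shared) and not critical_conflict and result.score >= threshold
    )
    return result


# Constructed sample payloads, as if decoded from the two portions.
FIRST_PORTION = {"birth_date": "1985-03-14", "document_number": "D1234567",
                 "last_name": "Doe", "eye_color": "BRN", "height_cm": "170"}
SECOND_PORTION = {"birth_date": "1985-03-14", "document_number": "D1234567",
                  "last_name": "DOE", "eye_color": None, "height_cm": "170"}
ALTERED_PORTION = dict(SECOND_PORTION, birth_date="1990-03-14")

if __name__ == "__main__":
    for context in THRESHOLDS:
        print(context, correlate(FIRST_PORTION, SECOND_PORTION, context))
    print("altered", correlate(FIRST_PORTION, ALTERED_PORTION, "low_value_payment"))
```

A field lost in scanning lowers the score without counting as a conflict, while a disagreement on a critical field rejects the document even when the overall score would meet the threshold for the context.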

FIG. 5C is a flow chart showing an example method of validating the digital identification document according to some implementations. In some implementations, once the digital biometric is received at the reading device, the characteristics of the digital biometric may be extracted (530) and then transmitted to a server at the issuing entity (532). Likewise, once the digital watermark has been received at the reading device, the encoded personally identifiable information may be extracted by the reading device (534). In accordance with the discussions above, the extracted personally identifiable information may be referred to as the second portion of personally identifiable information. The reading device may transmit the second portion of the personally identifiable information to the server (536). The server may then validate the digital identification document. For example, the server may retrieve the first portion of personally identifiable information by searching the extracted characteristics against records in the searchable database. As discussed above, a matching record may reveal the first portion of the personally identifiable information. The server may then correlate the two portions of personally identifiable information to validate the digital identification document. The reading device may receive the validation results (538) and then notify the human inspector at the point of service. The notification may include a visual display of a textual message, an iconic message on a graphic display, a voice message, etc.

To prove identity at a point of service, a digitally watermarked portrait may be used as a personalized QR code in some implementations. FIG. 6A is a flow chart showing an example method of digitally watermarking a digital portrait as a machine-readable code according to some implementations. A digital facial portrait of a subject may be received at a server of an issuing entity (602). The digital facial portrait may be digitally stored on a storage device on the server. The facial portrait may be taken from the subject at any location and may not be limited to studios or DMV offices. The digital facial portrait may have a virtual backdrop that replaces the actual backdrop. The digital portrait may comply with existing standards on biometrics, such as, for example, the International Civil Aviation Organization (ICAO) standard. The digital portrait may also comply with other standards under development.

Thereafter, at least one digital watermark may be applied to the digital facial portrait of the subject (408). The applied digital watermark may identify payload data associated with the subject. In some implementations, a digital watermark may be applied to carry payload data encoding a portion of personally identifiable information of the subject. For example, the digital watermark may include a modulated Moiré pattern to carry the payload data. In some implementations, the digital watermark may be linked to personally identifiable information. For example, the digital watermark may include symbology marks identifying the subject being portrayed. In some implementations, digital watermarks including both luminance and chrominance modulations may be applied, as described above. In some implementations, the encoded information may be encrypted, as disclosed above. As discussed herein, the personally identifiable information may include name (including full name, first name, last name, middle/initials), date of birth, height, weight, residential address, gender, nationality, occupation, marital status, eye color, hair color, blood type, election zone, document number, issue date, etc. In some implementations, the digital watermarks may encode information indicating the source or the issuing entity of the digital identification document.

Subsequently, the digitally watermarked digital portrait may be issued as a machine-readable code (606). In some implementations, the digitally watermarked digital portrait may be issued to a mobile device of the subject, for example, in the form of a digital file stored on the mobile device, as discussed above.

The digitally watermarked digital portrait may lead to increased ease in document management. FIG. 6B is a flow chart showing an example process of renewing a digitally watermarked digital portrait according to some implementations. A request to renew the digitally watermarked digital portrait may be received (612). The renewal request may be received at the server of the issuing entity. The renewal request may be verified (614). For example, the server may check the source of the renewal request to confirm the validity of the request. The source may refer to the originating device, for example, the subject's mobile device. The source device may be verified based on a secured identifier associated with the mobile device. The source may also refer to the requestor who submitted the renewal request. The requestor may submit the request through an on-line account and therefore may be verified according to the user authentication protocol for accessing the on-line account. In submitting the renewal request, the subject may update some personally identifiable information, such as, for example, marital status, occupation, residential address, etc. The subject may also submit a more recent facial portrait. After receiving the updated personally identifiable information, the server may update payload data associated with the digital watermark accordingly (616). As discussed above, the payload data may encode a portion of the personally identifiable information of the subject. Thereafter, the server may issue a renewed digitally watermarked digital portrait (618). The renewed digitally watermarked digital portrait may be issued to the subject's mobile device for display in the same manner as described above. The renewed digitally watermarked digital portrait may be issued with a new expiration date later than the old expiration date of the replaced digitally watermarked digital portrait. In issuing the renewed digitally watermarked digital portrait, neither a physical trip to the issuing entity nor a physical copy may be required.

Similar ease may be observed in the replacement process of the digitally watermarked digital portrait. FIG. 6C is a flow chart showing an example process of replacing a digitally watermarked digital portrait according to some implementations. A request to replace the digitally watermarked digital portrait may be received (622). The request may be received on-line by a server at the issuing entity. The server may verify the replacement request (424) by means similar to the descriptions above. The replacement request may update the personally identifiable information of the subject, which may cause the server to update the payload data associated with the digital watermark to be applied (626). Thereafter, the replacement digitally watermarked digital portrait may be issued (428) in accordance with the descriptions herein. In some implementations, the digitally watermarked digital portrait may be issued with a version number to distinguish it from the replaced digitally watermarked digital portrait. The version number may be tracked by the server in future administrations. Similar to the disposition of a renewal request, neither a physical trip to the issuing entity nor a physical copy may be required.

FIG. 6D is a flow chart showing an example method of securing a digitally watermarked digital portrait according to some implementations. In addition to encryption, the integrity of the digitally watermarked digital portrait may be secured (632), for example, based on security check information embedded into the digitally watermarked digital portrait. In particular, integrity check information may be embedded into the digitally watermarked digital portrait, based on which alterations of the digitally watermarked digital portrait can be detected. For example, security check information may be generated based on the contents of the digitally watermarked digital portrait (434). Such security check information may include but may not be limited to a check sum, a hash, a cyclic redundancy check (CRC) code, etc. The generated security check information may be stored for comparison. In some implementations, the security check information may be stored on a server at the issuing entity. In some implementations, the security check information may be stored on the mobile device. The stored copy may be used for comparison at the time of service.
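The security check information of FIG. 4D and FIG. 6D, together with the version number kept by the server for replacement and revocation, can be exercised as below. This is an added example, not code from the patent; the record layout, the status strings and the sample bytes are constructed, and the keyed HMAC tag is a technique the text does not name, included to contrast with unkeyed values stored on the mobile device.

```python
import hashlib
import hmac
import zlib

# Constructed sample contents and key, for illustration only.
SAMPLE_DOCUMENT = b"DIGITAL-ID|DOE, JANE|1985-03-14|D1234567|<portrait bytes>"
ISSUER_KEY = b"constructed-demo-key-not-for-production"


def security_check_info(document):
    """Unkeyed check values of the kinds the text lists: a CRC and a hash."""
    return {
        "crc32": zlib.crc32(document) & 0xFFFFFFFF,
        "sha256": hashlib.sha256(document).hexdigest(),
    }


def keyed_tag(document, version, key):
    """HMAC over version and contents (assumed addition, not named in the text)."""
    message = version.to_bytes(4, "big") + document
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def issue(document, version, key):
    """Issuer side: the record kept at the server and the tag shipped with the file."""
    record = {"version": version, "revoked": False}
    record.update(security_check_info(document))
    return record, keyed_tag(document, version, key)


def device_check_passes(document, stored_on_device):
    """Compare against check values stored on the same device as the document."""
    return security_check_info(document) == stored_on_device


def validate_against_server(document, version, record):
    """Time-of-service comparison against the issuer's stored record."""
    if record["revoked"]:
        return "revoked"
    if version != record["version"]:
        return "stale_version"
    presented = hashlib.sha256(document).hexdigest()
    if not hmac.compare_digest(presented, record["sha256"]):
        return "altered"
    return "valid"


def verify_tag(document, version, tag, key):
    """Keyed check: the tag cannot be regenerated without the issuer's key."""
    return hmac.compare_digest(keyed_tag(document, version, key), tag)


if __name__ == "__main__":
    record, tag = issue(SAMPLE_DOCUMENT, 2, ISSUER_KEY)
    altered = SAMPLE_DOCUMENT.replace(b"1985", b"1975")
    # Unkeyed values kept beside the document can be regenerated after a change,
    # so they catch corruption (such as storage failure) but not a deliberate edit.
    regenerated = security_check_info(altered)
    print("device-stored check:", device_check_passes(altered, regenerated))
    print("server comparison:  ", validate_against_server(altered, 2, record))
    print("keyed tag:          ", verify_tag(altered, 2, tag, ISSUER_KEY))
```

The server-side comparison and the keyed tag both flag the altered contents, while the device-stored unkeyed values do not, which is the practical difference between the two storage options the text describes.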

The digitally watermarked digital portrait may be displayed on, for example, a touch screen of the mobile device. FIG. 6E shows an example digitally watermarked digital portrait 640 displayed on the touch screen of a mobile device. The display may be managed by a custom application program on the mobile device with any of the security features described herein.

FIG. 7A is a flow chart showing an example method of validating the digitally watermarked digital portrait according to some implementations. As discussed above, the validation may be performed at a point of service. At a point of service, when the person presents the digitally watermarked digital portrait to prove his/her identity, the person may present the touch screen of a mobile device to a human inspector. The human inspector may compare the displayed portrait against the presenter. If the displayed portrait does not match the presenter, the human inspector may reject any identity claim made by the presenter. In some implementations, if the human inspector determines that the displayed portrait matches the presenter, the human inspector may defer further processing to a reading device.

In some implementations, the entire inspection may be performed by a reading device. The reading device may be any computing device with a processor and a transceiver as a data communications interface. The digitally watermarked digital portrait may be received at a reading device (702). For example, the reading device may receive the digitally watermarked digital portrait by scanning the touch screen of a mobile device. The reading device may receive the digitally watermarked digital portrait via a communication link so that data encoding the digitally watermarked digital portrait may be transmitted to the reading device. The transmission of the data encoding the digital identification document may be wireless. In other words, the digital identification document may be beamed to the reading device. Thus, the reading device may obtain data encoding the digitally watermarked digital portrait (704). In some implementations, the reading device may be configured to take a photo portrait of the presenter and then automatically compare the photo portrait with the digital portrait using facial recognition. The reading device may then receive results of comparison between the digital facial portrait and the presenter (706). The results may indicate whether the digital facial portrait matches the presenter (708). If the digital facial portrait does not match the presenter, the reading device may provide instructions to the human inspector to reject all identity claims by the presenter (710). If the digital facial portrait matches the presenter, the reading device may then confirm the presenter as the holder of the digitally watermarked digital portrait (712).

The reading device may then retrieve payload data from the digital watermark (714) in accordance with descriptions herein. The reading device may then receive results of verifying the contents of the payload data (716). As discussed above, the verification may include correlating two portions of personally identifiable information encoded by respective digital watermarks. The respective digital watermarks may incorporate separate modulation mechanisms, including luminance and chrominance. In some implementations, the verification may include correlating the personally identifiable information extracted from the digital watermark with records at a searchable database on a server.

Referring to FIG. 7B, in some implementations, the reading device may retrieve security check information from payload data of the digital watermark (730). As discussed above, the security check information may be generated at the time of issuance. For example, the security check information may capture summary information of the digital portrait or personally identifiable information of the holder. The security check information may be a checksum, a hash, or any redundancy checking code. The retrieved security check information may be compared against the same summary information obtained from the digital portrait. In some implementations, the security check information may be transmitted to the server at the issuing entity for comparison (732). The server may compare the security check information with the summary information obtainable from the records at the server. As discussed above, the correlation may not be a perfect correlation. Instead, the quality of the correlation may depend on the context of the application, sophistication of the issuing authority, and prior dealings of the holder. Thereafter, the reading device may receive results of the verification from the server (734).

Returning to FIG. 7A, the results of correlation may indicate whether the contents of the payload data are verified. If the contents of the payload data are not verified, the reading device may prompt the human inspector to reject all identity claims by the presenter (720). If the contents of the payload data are verified, the reader device may indicate to the human inspector that the authenticity of the digitally watermarked digital portrait has been confirmed (722).
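The payload checks of FIGS. 7A and 7B can be sketched as follows; this is an added example, not code from the specification. It assumes the two watermark payloads have already been extracted as JSON bytes, and the field names, the SHA-256 check, and the in-memory `issuer_records` store are hypothetical stand-ins for the "hash" and "server at the issuing entity" described above.

```python
import hashlib
import hmac
import json

FIELDS = ("doc_no", "name", "dob")  # hypothetical PII fields covered by the check


def security_check(portrait: bytes, pii: dict) -> str:
    """Security check information: SHA-256 over portrait bytes plus canonical PII."""
    canonical = json.dumps({k: pii.get(k) for k in FIELDS}, sort_keys=True).encode()
    digest = hashlib.sha256()
    digest.update(len(portrait).to_bytes(8, "big"))  # length prefix separates the inputs
    digest.update(portrait)
    digest.update(canonical)
    return digest.hexdigest()


def issue(portrait: bytes, pii: dict, issuer_records: dict) -> tuple:
    """Issuance: embed the check in a payload and keep a copy at the issuing entity."""
    check = security_check(portrait, pii)
    issuer_records[pii["doc_no"]] = check
    first = {"doc_no": pii["doc_no"], "name": pii["name"], "check": check}
    second = {"doc_no": pii["doc_no"], "name": pii["name"], "dob": pii["dob"]}
    return json.dumps(first).encode(), json.dumps(second).encode()


def correlation(first: dict, second: dict) -> float:
    """Fraction of the PII fields present in both payloads whose values agree."""
    shared = (set(first) & set(second)) - {"check"}
    if not shared:
        return 0.0
    return sum(first[k] == second[k] for k in shared) / len(shared)


def same(a: str, b) -> bool:
    """Constant-time comparison of two check values."""
    return hmac.compare_digest(a.encode(), str(b).encode("utf-8", "replace"))


def validate(portrait, payload1, payload2, issuer_records, threshold=1.0) -> str:
    """Reader-side checks: correlate payloads, then compare the check locally and at the issuer."""
    try:
        first, second = json.loads(payload1), json.loads(payload2)
    except ValueError:
        return "reject: unreadable payload"
    if not (isinstance(first, dict) and isinstance(second, dict)):
        return "reject: unreadable payload"
    if correlation(first, second) < threshold:
        return "reject: payloads do not correlate"
    pii = {**second, **first}
    local = security_check(portrait, pii)  # summary recomputed from what was presented
    if not same(local, first.get("check")):
        return "reject: contents altered"
    doc_no = pii.get("doc_no")
    stored = issuer_records.get(doc_no) if isinstance(doc_no, str) else None
    if stored is None or not same(local, stored):
        return "reject: issuer record mismatch"
    return "verified"


def run_examples() -> dict:
    portrait = b"\x89constructed-portrait-bytes"  # constructed sample data
    pii = {"doc_no": "D0000001", "name": "SAMPLE HOLDER", "dob": "1980-01-01"}
    records = {}
    p1, p2 = issue(portrait, pii, records)
    altered = portrait + b"\x00"
    # Embedded check regenerated to match altered contents; the issuer copy is unchanged.
    consistent = json.dumps({**json.loads(p1), "check": security_check(altered, pii)}).encode()
    mismatched = json.dumps({**json.loads(p2), "name": "OTHER NAME"}).encode()
    return {
        "genuine": validate(portrait, p1, p2, records),
        "altered": validate(altered, p1, p2, records),
        "consistent": validate(altered, consistent, p2, records),
        "mismatched": validate(portrait, p1, mismatched, records),
    }


if __name__ == "__main__":
    for case, outcome in run_examples().items():
        print(f"{case}: {outcome}")
```

The third case is the one a reviewer should note: an unkeyed checksum or hash carried inside the document only detects alterations that leave the embedded value untouched, so the comparison against the copy held by the issuing entity is what catches a document whose contents and embedded check were changed together.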

FIG. 8 is a diagram showing an example reading device 800 for validating an identification document according to some implementations. Reading device may be configured to read any of the identification document or digital portrait watermarked in accordance with the description herein. Reading device 800 may include data interface 802 to read in data. For example, data interface 802 may include a scanning device to scan an identification document presented, a digital identification document displayed on the touch screen of a mobile device, or a digital portrait displayed on the touch screen of a mobile device. In some implementations, data interface 802 may read data from a physical identification document, for example, a magnetic stripe, a chip, etc. on the identification document. In some implementations, data interface 802 may establish a wireless link with a mobile device of the presenter of a digital identification document or digital portrait. Data interface 802 may then receive data encoding the digital identification document or the digital portrait through the wireless link. The wireless link may utilize any region on the electromagnetic spectrum, including the infrared band.

Reading device may include processor 804 configured to validate the identification document or the digital portrait in accordance with the descriptions above. For example, processor 804 may be configured to implement facial recognition algorithms to extract characteristics from the portrait on the identification document. Processor 804 may be configured to implement feature recognition algorithms to extract characteristics from other biometrics such as finger-prints, iris patterns, etc. In some implementations, processor 804 may be configured to retrieve personally identifiable information from the payload data associated with the digital watermarks. As discussed above, processor 804 may be configured to validate an identification document based on portions of personally identifiable information identified by respective digital watermarks using separate mechanisms.

Reading device 800 may include communication interface 806 configured to transmit data to a server at the issuing entity. The data may include the extracted characteristics or the retrieved personally identification document. As discussed above, the server may compare the extracted characteristics to records at a searchable database. The server may compare the retrieved personally identifiable information against records at the searchable database. Communication interface 806 may also be configured to receive verification results from the server. Communication interface 806 may be built on wired or wireless technologies to transmit data to and receive data from the server.

Reading device 800 may additionally include feedback device 808. Feedback device 808 may be configured to provide instructions to a human inspector. For example, feedback device 808 may include a graphical interface to display textual messages or iconic indications to the human inspector. In some implementations, feedback device 808 may additionally include sound devices to alert the human inspector of the verification results, for example, through a text to speech technology.

Implementations of the subject matter and the functional operations described in this specification can be implemented in digital electronic circuitry, in tangibly-implemented computer software or firmware, in computer hardware, including the structures disclosed in this specification and their structural equivalents, or in combinations of one or more of them. Implementations of the subject matter described in this specification can be implemented as one or more computer programs, i.e., one or more modules of computer program instructions encoded on a tangible non transitory program carrier for execution by, or to control the operation of, data processing apparatus. The computer storage medium can be a machine-readable storage device, a machine-readable storage substrate, a random or serial access memory device, or a combination of one or more of them.

The term “data processing apparatus” refers to data processing hardware and encompasses all kinds of apparatus, devices, and machines for processing data, including, by way of example, a programmable processor, a computer, or multiple processors or computers. The apparatus can also be or further include special purpose logic circuitry, e.g., a central processing unit (CPU), a FPGA (field programmable gate array), or an ASIC (application specific integrated circuit). In some implementations, the data processing apparatus and/or special purpose logic circuitry may be hardware-based and/or software-based. The apparatus can optionally include code that creates an execution environment for computer programs, e.g., code that constitutes processor firmware, a protocol stack, a database management system, an operating system, or a combination of one or more of them. The present disclosure contemplates the use of data processing apparatuses with or without conventional operating systems, for example Linux, UNIX, Windows, Mac OS, Android, iOS or any other suitable conventional operating system.

A computer program, which may also be referred to or described as a program, software, a software application, a module, a software module, a script, or code, can be written in any form of programming language, including compiled or interpreted languages, or declarative or procedural languages, and it can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment. A computer program may, but need not, correspond to a file in a file system. A program can be stored in a portion of a file that holds other programs or data, e.g., one or more scripts stored in a markup language document, in a single file dedicated to the program in question, or in multiple coordinated files, e.g., files that store one or more modules, sub programs, or portions of code. A computer program can be deployed to be executed on one computer or on multiple computers that are located at one site or distributed across multiple sites and interconnected by a communication network. While portions of the programs illustrated in the various figures are shown as individual modules that implement the various features and functionality through various objects, methods, or other processes, the programs may instead include a number of sub-modules, third party services, components, libraries, and such, as appropriate. Conversely, the features and functionality of various components can be combined into single components as appropriate.

The processes and logic flows described in this specification can be performed by one or more programmable computers executing one or more computer programs to perform functions by operating on input data and generating output. The processes and logic flows can also be performed by, and apparatus can also be implemented as, special purpose logic circuitry, e.g., a central processing unit (CPU), a FPGA (field programmable gate array), or an ASIC (application specific integrated circuit).

Computers suitable for the execution of a computer program can, by way of example, be based on general or special purpose microprocessors or both, or any other kind of central processing unit. Generally, a central processing unit will receive instructions and data from a read only memory or a random access memory or both. The essential elements of a computer are a central processing unit for performing or executing instructions and one or more memory devices for storing instructions and data. Generally, a computer will also include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto optical disks, or optical disks. However, a computer need not have such devices. Moreover, a computer can be embedded in another device, e.g., a mobile telephone, a personal digital assistant (PDA), a mobile audio or video player, a game console, a Global Positioning System (GPS) receiver, or a portable storage device, e.g., a universal serial bus (USB) flash drive, to name just a few.

Computer readable media (transitory or non-transitory, as appropriate) suitable for storing computer program instructions and data include all forms of non volatile memory, media and memory devices, including by way of example semiconductor memory devices, e.g., EPROM, EEPROM, and flash memory devices; magnetic disks, e.g., internal hard disks or removable disks; magneto optical disks; and CD ROM and DVD-ROM disks. The memory may store various objects or data, including caches, classes, frameworks, applications, backup data, jobs, web pages, web page templates, database tables, repositories storing business and/or dynamic information, and any other appropriate information including any parameters, variables, algorithms, instructions, rules, constraints, or references thereto. Additionally, the memory may include any other appropriate data, such as logs, policies, security or access data, reporting files, as well as others. The processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.

To provide for interaction with a user, implementations of the subject matter described in this specification can be implemented on a computer having a display device, e.g., a CRT (cathode ray tube), LCD (liquid crystal display), or plasma monitor, for displaying information to the user and a keyboard and a pointing device, e.g., a mouse or a trackball, by which the user can provide input to the computer. Other kinds of devices can be used to provide for interaction with a user as well; for example, feedback provided to the user can be any form of sensory feedback, e.g., visual feedback, auditory feedback, or tactile feedback; and input from the user can be received in any form, including acoustic, speech, or tactile input. In addition, a computer can interact with a user by sending documents to and receiving documents from a device that is used by the user; for example, by sending web pages to a web browser on a user's client device in response to requests received from the web browser.

The term “graphical user interface,” or GUI, may be used in the singular or the plural to describe one or more graphical user interfaces and each of the displays of a particular graphical user interface. Therefore, a GUI may represent any graphical user interface, including but not limited to, a web browser, a touch screen, or a command line interface (CLI) that processes information and efficiently presents the information results to the user. In general, a GUI may include a plurality of user interface (UI) elements, some or all associated with a web browser, such as interactive fields, pull-down lists, and buttons operable by the business suite user. These and other UI elements may be related to or represent the functions of the web browser.

Implementations of the subject matter described in this specification can be implemented in a computing system that includes a back end component, e.g., as a data server, or that includes a middleware component, e.g., an application server, or that includes a front end component, e.g., a client computer having a graphical user interface or a Web browser through which a user can interact with an implementation of the subject matter described in this specification, or any combination of one or more such back end, middleware, or front end components. The components of the system can be interconnected by any form or medium of digital data communication, e.g., a communication network. Examples of communication networks include a local area network (LAN), a wide area network (WAN), e.g., the Internet, and a wireless local area network (WLAN).

The computing system can include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.

While this specification contains many specific implementation details, these should not be construed as limitations on the scope of any invention or on the scope of what may be claimed, but rather as descriptions of features that may be specific to particular implementations of particular inventions. Certain features that are described in this specification in the context of separate implementations can also be implemented in combination in a single implementation. Conversely, various features that are described in the context of a single implementation can also be implemented in multiple implementations separately or in any suitable sub-combination. Moreover, although features may be described above as acting in certain combinations and even initially claimed as such, one or more features from a claimed combination can in some cases be excised from the combination, and the claimed combination may be directed to a sub-combination or variation of a sub-combination.

Similarly, while operations are depicted in the drawings in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be helpful. Moreover, the separation of various system modules and components in the implementations described above should not be understood as requiring such separation in all implementations, and it should be understood that the described program components and systems can generally be integrated together in a single software product or packaged into multiple software products.

Particular implementations of the subject matter have been described. Other implementations, alterations, and permutations of the described implementations are within the scope of the following claims as will be apparent to those skilled in the art. For example, the actions recited in the claims can be performed in a different order and still achieve desirable results.

Accordingly, the above description of example implementations does not define or constrain this disclosure. Other changes, substitutions, and alterations are also possible without departing from the spirit and scope of this disclosure.

1-18. (canceled)
 19. A computer-implemented method for verifying a person presenting, at a point of service, a digital identification document that comprises a digital biometric of the person, the computer-implemented method comprising: receiving, at a computer processor, data encoding the digital identification document displayed on a mobile computing device, the digital identification document including more than one digital watermarks encoding portions of personally identifiable information of the person and information indicating an issuing entity of the digital identification document; extracting a first portion of the personally identifiable information from a first digital watermark and a second portion of the personally identifiable information from a second digital watermark; in response to determining that the first portion of the personally identifiable information and the second portion of the personally identifiable information are cross-correlated, authenticating the digital identification document by having the first and second portions of the personally identifiable information validated based on records outside the digital identification document; and in response to validating the first portion of the personally identifiable information and the second portion of the personally identifiable information based on records outside the digital identification document, determining the digital identification document is authentic.
 20. The computer-implemented method of claim 19, wherein the authenticating comprises: receiving a biometric of the person presenting the digital identification document at the point of service; and comparing the biometric of the person at the point of service with the digital biometric on the digital identification document.
 21. The computer-implemented method of claim 20, further comprising: in response to the person identified according to the digital biometric on the digital identification document, providing a signal to indicate that the person be given access at the point of service.
 22. The computer-implemented method of claim 19, wherein receiving data encoding the digital identification document comprises: receiving more than one digital watermarks embedded in the digital identification document, each digital watermark encoding a respective portion of the personally identifiable information of the person.
 23. The computer-implemented method of claim 19, wherein authenticating the digital identification document comprises: providing, based on the information indicating the issuing entity, the personally identifiable information to a server of the issuing entity, wherein the server is configured to determine whether the personally identifiable information matches information in a record of the person previously stored by the server; and receiving, from the server, an indication that the digital identification document is valid in response to the server determining that the personally identifiable information matches information in the record of the person previously stored by the server.
 24. The computer-implemented method of claim 19, wherein the authenticating comprises: comparing the first and second portions of the personally identifiable information against a searchable system of record holding records from the issuing entity.
 25. The computer-implemented method of claim 24, wherein the authenticating further comprises: transmitting the first and second portions of the personally identifiable information to a searchable system of record; and receiving results of comparing the first and second portions of the personally identifiable information against the searchable system of record stored.
 26. A computer system comprising a processor configured to perform operations to verify a person presenting, at a point of service, a digital identification document that comprises a digital biometric of the person, the operations comprising: receiving, at a computer processor, data encoding the digital identification document displayed on a mobile computing device, the digital identification document including more than one digital watermarks encoding portions of personally identifiable information of the person and information indicating an issuing entity of the digital identification document; extracting a first portion of the personally identifiable information from a first digital watermark and a second portion of the personally identifiable information from a second digital watermark; in response to determining that the first portion of the personally identifiable information and the second portion of the personally identifiable information are cross-correlated, authenticating the digital identification document by having the first and second portions of the personally identifiable information validated based on records outside the digital identification document; and in response to validating the first portion of the personally identifiable information and the second portion of the personally identifiable information based on records outside the digital identification document, determining the digital identification document is authentic.
 27. The computer system of claim 26, wherein the authenticating comprises: receiving a biometric of the person presenting the digital identification document at the point of service; and comparing the biometric of the person at the point of service with the digital biometric on the digital identification document.
 28. The computer system of claim 27, wherein the operations further comprising: in response to the person identified according to the digital biometric on the identification document, providing a signal to indicate that the person be given access at the point of service.
 29. The computer system of claim 26, wherein receiving data encoding the digital identification document comprises: receiving more than one digital watermarks embedded in the digital identification document, each digital watermark encoding a respective portion of the personally identifiable information of the person.
 30. The computer system of claim 26, wherein authenticating the digital identification document comprises: providing, based on the information indicating the issuing entity, the personally identifiable information to a server of the issuing entity, wherein the server is configured to determine whether the personally identifiable information matches information in a record of the person previously stored by the server; and receiving, from the server, an indication that the digital identification document is valid in response to the server determining that the personally identifiable information matches information in the record of the person previously stored by the server.
 31. The computer system of claim 26, wherein the authenticating comprises: comparing the first and second portions of the personally identifiable information against a searchable system of record holding records from the issuing entity.
 32. The computer system of claim 31, wherein the authenticating further comprises: transmitting the first and second portions of the personally identifiable information to a searchable system of record; and receiving results of comparing the first and second portions of the personally identifiable information against the searchable system of record stored.
 33. A non-transitory computer readable medium, comprising software instructions that, when executed by a computer, causes the computer to perform operations of: receiving, at a computer processor, data encoding a digital identification document displayed on a mobile computing device presented by a subject at a point of service, the digital identification document including more than one digital watermarks encoding portions of personally identifiable information of the person and information indicating an issuing entity of the digital identification document; extracting a first portion of the personally identifiable information from a first digital watermark and a second portion of the personally identifiable information from a second digital watermark; in response to determining that the first portion of the personally identifiable information and the second portion of the personally identifiable information are cross-correlated, authenticating the digital identification document by having the first and second portions of the personally identifiable information validated based on records outside the digital identification document; and in response to validating the first portion of the personally identifiable information and the second portion of the personally identifiable information based on records outside the digital identification document, determining the digital identification document is authentic.
 34. The non-transitory computer readable medium of claim 33, wherein the authenticating comprises: receiving a biometric of the person presenting the digital identification document at the point of service; and comparing the biometric of the person at the point of service with a digital biometric on the digital identification document.
 35. The non-transitory computer readable medium of claim 34, wherein the operations further comprise: in response to the person identified according to the digital biometric on the identification document, providing a signal to indicate that the person be given access at the point of service.
 36. The non-transitory computer readable medium of claim 33, wherein receiving data encoding the digital identification document comprises: receiving more than one digital watermarks embedded in the digital identification document, each digital watermark encoding a respective portion of the personally identifiable information of the person.
 37. The non-transitory computer readable medium of claim 33, wherein authenticating the digital identification document comprises: providing, based on the information indicating the issuing entity, the personally identifiable information to a server of the issuing entity, wherein the server is configured to determine whether the personally identifiable information matches information in a record of the person previously stored by the server; and receiving, from the server, an indication that the digital identification document is valid in response to the server determining that the personally identifiable information matches information in the record of the person previously stored by the server.
 38. The non-transitory computer readable medium of claim 33, wherein the authenticating comprises: comparing the first and second portions of the personally identifiable information against a searchable system of record holding records from the issuing entity.
 39. The non-transitory computer readable medium of claim 38, wherein the authenticating further comprises: transmitting the first and second portions of the personally identifiable information to a searchable system of record; and receiving results of comparing the first and second portions of the personally identifiable information against the searchable system of record stored.